IG details unaddressed tech concerns at Commerce

IT systems, cyber-security and the nation's satellite programs dominate the Commerce Department's list of problems to address, according to that department's inspector general.

In late December, Commerce IG Todd Zinser sent the House Oversight and Government Reform Committee an itemized list of his office's highest-priority recommendations that have yet to be implemented. The memo highlighted major IT security deficiencies in the National Telecommunications and Information Administration [NTIA] and security weaknesses in the International Trade Administration that increase the odds of a successful cyber-attack.

"For our NTIA audit, we determined that fundamental steps for securing NTIA's information and systems have not been taken," the IG's letter states. "For our ITA audit, we identified security weaknesses, including inadequate security categorization that may affect protection against critical information and security control deficiencies that increase the likelihood of a successful cyber-attack."

The review highlighted multiple IT security deficiencies for both agencies, including "inadequate security categorizations that jeopardize critical bureau information" for NTIA and "the presence of unauthorized software and use of unauthorized removable media" at ITA.

Both agencies have failed to implement two significant recommendations as of Dec. 28, the report states.

However, some of the corrective actions take years to fully implement, said Commerce spokesperson Dave Smith, so "the findings will appear outstanding in our responses to these types of periodic requests."

The IG's report highlighted lingering unimplemented recommendations in several other corners of Commerce as well.

In a September 2012 audit, for example, the National Oceanic and Atmospheric Administration was found to lack reliable cost-estimating for major systems acquisitions, which could jeopardize the effectiveness of its partnership with NASA to establish the Joint Polar Satellite System program to mitigate data gaps from decreased polar satellite coverage.

The audit found satellite launch costs varied greatly over a relatively short time period - a sign of unreliability - leading the IG to recommend NOAA develop a policy that adheres to cost-estimating best practices and to ensure an independent cost estimate tests the viability of the program's funding profile. The report estimates the recommendations to NOAA should be completed within one year.

In addition, the IG's status report to Congress highlights as-of-yet unfulfilled recommendations necessary to reduce the expect cost of the Census Bureau's 2020 decennial census from as much as $30 billion to somewhere between $12 billion to $18 billion. Among the most important, the report states, are the exploration of Internet and web-based response options, automated field data collection alternatives and properly utilizing administrative records.

The report also found that IT automation improvements could reduce development risk in the agency's project to develop the next generation of computer systems designed to automate patent processing, necessary to reduce a backlog of 700,000 unprocessed patents.

"Unless [the U.S. Patent and Trademark Office] improves its current long-term planning, it cannot guide the project's building and deployment strategies," the report states.

The Census Bureau hasn't established a time frame for its cloud computing plans, including testing for scalability, security, and privacy protection, as well as determining a budget for cloud services.